[Openswan Users] "mycon" #1: ERROR: asynchronous network error report on ppp1 (sport=500) for message
Gopaal V Krishnan
vkrishnan at airfortnet.com
Fri Jun 20 12:59:40 EDT 2008
Peter
Thanks for the suggestion. I modified my conf file
It still did not help
Regards
Gopaal
-----Original Message-----
From: Peter McGill [mailto:petermcgill at goco.net]
Sent: Friday, June 20, 2008 12:01 PM
To: 'Gopaal V Krishnan'; users at openswan.org
Subject: RE: [Openswan Users] "mycon" #1: ERROR: asynchronous network error
report on ppp1 (sport=500) for message
Gopaal,
One problem is that you have opportunistic encryption enabled.
Add/uncomment the following in your ipsec.conf:
include /etc/ipsec.d/examples/no_oe.conf
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Gopaal V Krishnan
> Sent: June 20, 2008 7:47 AM
> To: users at openswan.org
> Subject: [Openswan Users] "mycon" #1: ERROR: asynchronous
> network error report on ppp1 (sport=500) for message
>
> Gentlemen,
>
> I am stuck with the above error and need urgent help.
>
> The ipsec.conf file is
> version 2
>
> config setup
> nat_traversal=yes
> nhelpers=1
> interfaces="ipsec1=ppp1"
> klipsdebug=none
> plutodebug=all
> plutostderrlog=/var/log/pluto.log
>
> # sample connection
> conn mycon
> left=68.247.6.41 #cellular ppp link on sprint
> right=70.4.69.180 #cellular ppp link on sprint
> rightsubnet=172.16.1.0/24
> authby=secret
> auto=add
>
> The output of ipsec verify is
>
> # ipsec verify
> Checking your system to see if IPsec got installed and
> started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.9/K2.6.24-19-generic (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> Checking for RSA private key (/etc/ipsec.secrets)
> [DISABLED]
> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [N/A]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
>
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: ubuntu
> [MISSING]
> Does the machine have at least one non-private address? [OK]
> Looking for TXT in reverse dns zone:
> 41.6.247.68.in-addr.arpa. [MISSING]
>
> after I start the conection using the statement
>
> #ipsec auto --up mycon
>
> The relevant portion of pluto debug log is
>
> # cat pluto.log
> Plutorun started on Fri Jun 20 07:36:40 EDT 2008
> Starting Pluto (Openswan Version 2.4.9 LDAP_V3
> PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OESJIo`rkcdb)
> Setting NAT-Traversal port-4500 floating to on
> port floating activation criteria nat_t=1/port_fload=1
> including NAT-Traversal patch (Version 0.6c)
> | opening /dev/urandom
> | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
> | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
> ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> starting up 1 cryptographic helpers
> | opening /dev/urandom
> | certs and keys locked by 'free_preshared_secrets'
> | certs and keys unlocked by 'free_preshard_secrets'
> ! helper 0 waiting on fd: 6
> started helper pid=7101 (fd:5)
> | process 7100 listening for PF_KEY_V2 on file descriptor 6
> Using NETKEY IPsec interface code on 2.6.24-19-generic
> | pfkey_lib_debug:pfkey_msg_hdr_build:
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c *pfkey_ext=0p(nil).
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c
> *pfkey_ext=0p0x8101ed8.
> | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8101ef0
> allocated 16 bytes, &(extensions[0])=0p0xbf9bf19c
> | pfkey_lib_debug:pfkey_msg_build: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2,
> type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1,
> pid=7100.
> | pfkey_lib_debug:pfkey_msg_parse: remain=0
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | finish_pfkey_msg: SADB_REGISTER message 1 for AH
> | 02 07 00 02 02 00 00 00 01 00 00 00 bc 1b 00 00
> | pfkey_get: SADB_REGISTER message 1
> | AH registered with kernel.
> | pfkey_lib_debug:pfkey_msg_hdr_build:
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c *pfkey_ext=0p(nil).
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c
> *pfkey_ext=0p0x8101ef0.
> | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8101ed8
> allocated 16 bytes, &(extensions[0])=0p0xbf9bf19c
> | pfkey_lib_debug:pfkey_msg_build: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2,
> type=7(register), errno=0, satype=3(ESP), len=2, res=0,
> seq=2, pid=7100.
> | pfkey_lib_debug:pfkey_msg_parse: remain=0
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
> | 02 07 00 03 02 00 00 00 02 00 00 00 bc 1b 00 00
> | pfkey_get: SADB_REGISTER message 2
> | alg_init():memset(0x80ffc60, 0, 2016) memset(0x8100440, 0, 2048)
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
> sadb_msg_len=17 sadb_supported_len=48
> | kernel_alg_add():satype=3, exttype=14, alg_id=251
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0],
> exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0,
> alg_maxbits=0, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=14, alg_id=2
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1],
> exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=14, alg_id=3
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2],
> exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160,
> alg_maxbits=160, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=14, alg_id=5
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3],
> exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256,
> alg_maxbits=256, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=14, alg_id=9
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4],
> exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=1
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
> sadb_msg_len=17 sadb_supported_len=72
> | kernel_alg_add():satype=3, exttype=15, alg_id=11
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5],
> exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0,
> alg_maxbits=0, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=2
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6],
> exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64,
> alg_maxbits=64, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=3
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7],
> exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192,
> alg_maxbits=192, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=7
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8],
> exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40,
> alg_maxbits=448, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=12
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9],
> exttype=15, satype=3, alg_id=12, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=252
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10],
> exttype=15, satype=3, alg_id=252, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=22
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11],
> exttype=15, satype=3, alg_id=22, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
> | kernel_alg_add():satype=3, exttype=15, alg_id=253
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12],
> exttype=15, satype=3, alg_id=253, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
> | ESP registered with kernel.
> | pfkey_lib_debug:pfkey_msg_hdr_build:
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c *pfkey_ext=0p(nil).
> | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit
> &pfkey_ext=0p0xbf9bf180 pfkey_ext=0p0xbf9bf19c
> *pfkey_ext=0p0x8101ed8.
> | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8101ef0
> allocated 16 bytes, &(extensions[0])=0p0xbf9bf19c
> | pfkey_lib_debug:pfkey_msg_build: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2,
> type=7(register), errno=0, satype=9(IPIP), len=2, res=0,
> seq=3, pid=7100.
> | pfkey_lib_debug:pfkey_msg_parse: remain=0
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, required=00000001.
> | pfkey_lib_debug:pfkey_msg_parse: extensions
> permitted=00000001, seen=00000001, required=00000001.
> | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
> | 02 07 00 09 02 00 00 00 03 00 00 00 bc 1b 00 00
> | pfkey_get: SADB_REGISTER message 3
> | IPCOMP registered with kernel.
> Changing to directory '/etc/ipsec.d/cacerts'
> Changing to directory '/etc/ipsec.d/aacerts'
> Changing to directory '/etc/ipsec.d/ocspcerts'
> Changing to directory '/etc/ipsec.d/crls'
> Warning: empty directory
> | inserting event EVENT_LOG_DAILY, timeout in 58999 seconds
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | certs and keys locked by 'free_preshared_secrets'
> | certs and keys unlocked by 'free_preshard_secrets'
> loading secrets from "/etc/ipsec.secrets"
> | certs and keys locked by 'process_secret'
> | certs and keys unlocked by 'process_secrets'
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | Added new connection mycon with policy PSK+ENCRYPT+TUNNEL+PFS
> | counting wild cards for (none) is 15
> | counting wild cards for (none) is 15
> added connection description "mycon"
> | 68.247.6.41...70.4.69.180===172.16.1.0/24
> | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> listening for IKE messages
> | found ppp1 with address 68.247.6.41
> adding interface ppp1/ppp1 68.247.6.41:500
> adding interface ppp1/ppp1 68.247.6.41:4500
> | connect_to_host_pair: 68.247.6.41:500 70.4.69.180:500 -> hp:none
> | certs and keys locked by 'free_preshared_secrets'
> forgetting secrets
> | certs and keys unlocked by 'free_preshard_secrets'
> loading secrets from "/etc/ipsec.secrets"
> | certs and keys locked by 'process_secret'
> | certs and keys unlocked by 'process_secrets'
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | next event EVENT_PENDING_PHASE2 in 119 seconds
> |
> | *received whack message
> | processing connection mycon
> | empty esp_info, returning empty
> | creating state object #1 at 0x81029c0
> | processing connection mycon
> | ICOOKIE: 3f 44 12 37 b9 ad 33 f4
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: 46 04 45 b4
> | state hash entry 22
> | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
> | Queuing pending Quick Mode with 70.4.69.180 "mycon"
> "mycon" #1: initiating Main Mode
> | **emit ISAKMP Message:
> | initiator cookie:
> | 3f 44 12 37 b9 ad 33 f4
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | no IKE algorithms for this connection
> | ***emit ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | DOI: ISAKMP_DOI_IPSEC
> | ****emit IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | out_sa pcn: 0 has 1 valid proposals
> | out_sa pcn: 0 pn: 0<1 valid_count: 1
> | ****emit ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 4
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_T
> | transform number: 0
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 3600
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 5
> | [5 is OAKLEY_3DES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 1
> | [1 is OAKLEY_MD5]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 1
> | [1 is OAKLEY_PRESHARED_KEY]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 5
> | [5 is OAKLEY_GROUP_MODP1536]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 32
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_T
> | transform number: 1
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 3600
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 5
> | [5 is OAKLEY_3DES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA1]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 1
> | [1 is OAKLEY_PRESHARED_KEY]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 5
> | [5 is OAKLEY_GROUP_MODP1536]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 32
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_T
> | transform number: 2
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 3600
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 5
> | [5 is OAKLEY_3DES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA1]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 1
> | [1 is OAKLEY_PRESHARED_KEY]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 2
> | [2 is OAKLEY_GROUP_MODP1024]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 32
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | transform number: 3
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 3600
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 5
> | [5 is OAKLEY_3DES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 1
> | [1 is OAKLEY_MD5]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 1
> | [1 is OAKLEY_PRESHARED_KEY]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 2
> | [2 is OAKLEY_GROUP_MODP1024]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 32
> | emitting length of ISAKMP Proposal Payload: 136
> | emitting length of ISAKMP Security Association Payload: 148
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
> | Vendor ID 4f 45 53 4a 49 6f 60 72 6b 63 64 62
> | emitting length of ISAKMP Vendor ID Payload: 16
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | nat traversal enabled: 1
> | nat add vid. port: 1 nonike: 1
> | out_vendorid(): sending [RFC 3947]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | emitting length of ISAKMP Vendor ID Payload: 20
> | emitting length of ISAKMP Message: 312
> | sending 312 bytes for main_outI1 through ppp1:500 to
> 70.4.69.180:500:
> | 3f 44 12 37 b9 ad 33 f4 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 38 0d 00 00 94
> | 00 00 00 01 00 00 00 01 00 00 00 88 00 01 00 04
> | 03 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 05
> | 03 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05
> | 03 00 00 20 02 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02
> | 00 00 00 20 03 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02
> | 0d 00 00 10 4f 45 53 4a 49 6f 60 72 6b 63 64 62
> | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
> | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45
> | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6
> | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14
> | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
> | ec 42 7b 1f 00 00 00 14 44 85 15 2d 18 b6 bb cd
> | 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
> | next event EVENT_RETRANSMIT in 10 seconds for #1
> | rejected packet:
> | 3f 44 12 37 b9 ad 33 f4 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 38 0d 00 00 94
> | 00 00 00 01 00 00 00 01 00 00 00 88 00 01 00 04
> | 03 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 05
> | 03 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05
> | 03 00 00 20 02 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02
> | 00 00 00 20 03 01 00 00 80 0b 00 01 80 0c 0e 10
> | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02
> | 0d 00 00 10 4f 45 53 4a 49 6f 60 72 6b 63 64 62
> | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
> | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45
> | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6
> | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14
> | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
> | ec 42 7b 1f 00 00 00 14 44 85 15 2d 18 b6 bb cd
> | 0b e8 a8 46 95 79 dd cc
> | control:
> | 18 00 00 00 00 00 00 00 08 00 00 00 04 00 00 00
> | 44 f7 06 29 44 f7 06 29 2c 00 00 00 00 00 00 00
> | 0b 00 00 00 6f 00 00 00 02 03 03 00 00 00 00 00
> | 00 00 00 00 02 00 00 00 46 04 45 b4 00 00 00 00
> | 00 00 00 00
> | name:
> | 02 00 01 f4 46 04 45 b4 00 00 00 00 00 00 00 00
> "mycon" #1: ERROR: asynchronous network error report on ppp1
> (sport=500) for message to 70.4.69.180 port 500, complainant
> 70.4.69.180: Connection refused [errno 111, origin ICMP type
> 3 code 3 (not authenticated)]
> | next event EVENT_RETRANSMIT in 7 seconds for #1
> |
> | *time to handle event
> | handling event EVENT_RETRANSMIT
> | event after this is EVENT_PENDING_PHASE2 in 90 seconds
> | processing connection mycon
> | handling event EVENT_RETRANSMIT for 70.4.69.180 "mycon" #1
> | sending 312 bytes for EVENT_RETRANSMIT through ppp1:500 to
> 70.4.69.180:500:
> | 3f 44 12 37 b9 ad 33 f4 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 38 0d 00 00 94
>
>
> and it repeats
>
> Please help
>
> Thanks in advance
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155
More information about the Users
mailing list